Entities allowed between slashes on a protocol relative URL

You can place whitespace between slashes, this vector finds out what entities you can place in between them.

Shazzer Elite

Created Jul 6, 2024

Updated May 27, 2025

Detecting browser...

CategoryEntity Parsing

VisibilityPublic

TypeJS

CharsetUTF-8

$[data1] placeholderhtml_entities

Code used before fuzz:

const div = document.createElement('div')

Template used:

div.innerHTML='<a href="/$[data1]/example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   log('$[data1]');0x0D
}

Sample payloads

div.innerHTML='<a href="/&bsol;/example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&bsol;');0x0D
}

div.innerHTML='<a href="/&NewLine;/example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&NewLine;');0x0D
}

div.innerHTML='<a href="/&sol;/example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&sol;');0x0D
}

div.innerHTML='<a href="/&Tab;/example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&Tab;');0x0D
}